chore(deps): update dependency google-cloud-aiplatform to v1.133.0 [security]#13878
Conversation
Summary of ChangesHello @renovate-bot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request performs a critical security and feature upgrade for the Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request updates the google-cloud-aiplatform dependency across several requirements-test.txt and requirements.txt files to version 1.133.0. This update is important as it addresses a security vulnerability (CVE-2026-2473) related to predictable bucket naming in Vertex AI Experiments, which could lead to cross-tenant remote code execution, model theft, and poisoning. The changes are straightforward dependency version bumps, and no further action is needed beyond merging this update to incorporate the security fix and new features.
This PR contains the following updates:
==1.64.0→==1.133.0==1.57.0→==1.133.0==1.62.0→==1.133.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2026-2473
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting).
This vulnerability was patched and no customer action is needed.
Release Notes
googleapis/python-aiplatform (google-cloud-aiplatform)
v1.133.0Compare Source
Features
optimize_promptmethod (715cc5b)Bug Fixes
examples_dataframetype toPandasDataFramein Prompt Optimizer. (a2564cc)v1.132.0Compare Source
Features
Documentation
restart_job_on_worker_restartin message.google.cloud.aiplatform.v1beta1.Schedulingis changed (71747e8)timeoutin message.google.cloud.aiplatform.v1beta1.Schedulingis changed (71747e8)v1.131.0Compare Source
Features
Bug Fixes
v1.130.0Compare Source
Features
min_gpu_driver_versionis added to message.google.cloud.aiplatform.v1beta1.MachineSpec(26dfdfe)Documentation
ReplicatedVoiceConfig.mime_typecomment (26dfdfe)ReplicatedVoiceConfig.mime_typecomment (26dfdfe)v1.129.0Compare Source
⚠ BREAKING CHANGES
transfer_to_agentis removed from message.google.cloud.aiplatform.v1beta1.EventActionsbigtable_metadatafield name inFeatureOnlineStoreenableDirectBigtableAccessfield name in FeatureOnlineStore`bigtable_metadatafield name inFeatureViewFeatures
gpu_partition_sizeinmachine_specv1 api (e0bc3d8)ReplicatedVoiceConfigtoVoiceConfigto enable Gemini TTS voice replication (e0bc3d8)ReplicatedVoiceConfigtoVoiceConfigto enable Gemini TTS voice replication (e0bc3d8)SUCCESSFULLY_DEPLOYEDandFAILED_TO_DEPLOYtoDeploymentStage(e0bc3d8)SUCCESSFULLY_DEPLOYEDandFAILED_TO_DEPLOYtoDeploymentStage(e0bc3d8)Bug Fixes
transfer_to_agentis removed from message.google.cloud.aiplatform.v1beta1.EventActions(e0bc3d8)adk deploy agent_engine(9301551)from vertexai.types import TypeNamewithout needing to runfrom vertexai import typesfirst (46285bf)from vertexai.types import TypeNamewithout needing to runfrom vertexai import typesfirst (f4a6cbe)bigtable_metadatafield name inFeatureOnlineStore(e0bc3d8)bigtable_metadatafield name inFeatureView(e0bc3d8)enableDirectBigtableAccessfield name in FeatureOnlineStore` (e0bc3d8)Documentation
filterin message.google.cloud.aiplatform.v1beta1.ListSessionsRequestis changed (e0bc3d8)package_specin message.google.cloud.aiplatform.v1.ReasoningEngineSpecis changed (e0bc3d8)package_specin message.google.cloud.aiplatform.v1beta1.ReasoningEngineSpecis changed (e0bc3d8)ReasoningEngineSpecis changed (e0bc3d8)ReasoningEngineSpecis changed (e0bc3d8)Miscellaneous Chores
v1.128.0Compare Source
Features
pass_ratetoAggregatedMetricResultand calculate it for adaptive rubric metrics. (1f1f67e)build optionsin Agent Engine GCS Deployment. (28499a9)build optionsin Agent Engine source-based Deployment. (f7e718f)Bug Fixes
v1.127.0Compare Source
Features
Bug Fixes
Documentation
v1.126.1Compare Source
Bug Fixes
v1.126.0Compare Source
Features
Bug Fixes
v1.125.0Compare Source
⚠ BREAKING CHANGES
cloudtrace.googleapis.comtotelemetry.googleapis.comfor tracing API.Features
Bug Fixes
agent_info.agentincreate_evaluation_runin Vertex AI GenAI SDK evals. (d02a7da)Miscellaneous Chores
cloudtrace.googleapis.comtotelemetry.googleapis.comfor tracing API. (c81f912)v1.124.0Compare Source
⚠ BREAKING CHANGES
Features
Bug Fixes
datasetincreate_evaluation_runin Vertex AI GenAI SDK evals (741c6ad)Miscellaneous Chores
v1.123.0Compare Source
Features
appinput in AdkApp template (10ca56f)showin Vertex AI GenAI SDK evals (d62afc3)Bug Fixes
Documentation
v1.122.0Compare Source
Features
create_evaluation_setandcreate_evaluation_itemmethods to Vertex AI GenAI SDK evals (83553a9)evaluation_dfinput support tocreate_evaluation_runmethod in Vertex AI GenAI SDK evals (7a1262b)inference_configstocreate_evaluation_runmethod in Vertex AI GenAI SDK evals (5b5e6bd)labelsto EvaluationRun in Vertex AI GenAI SDK evals (67cf80b)metricstocreate_evaluation_runmethod in Vertex AI GenAI SDK evals (ce35218)showmethod for EvaluationRun for Vertex AI GenAI SDK evals (dc16065)Bug Fixes
showmethod for EvaluationRun for Vertex AI GenAI SDK evals (3ac82ea)v1.121.0Compare Source
⚠ BREAKING CHANGES
Features
ScaleToZeroSpecis added (62ea30a)class_methodsin Agent Engine config. (af8c898)Bug Fixes
Miscellaneous Chores
v1.120.0Compare Source
Features
get_evaluation_setandget_evaluation_itemmethods to Vertex AI GenAI SDK evals (7757886)showmethod for EvaluationRun class in Vertex AI GenAI SDK evals (0c932b9)Bug Fixes
Documentation
v1.119.0Compare Source
Features
get_evaluation_runmethod response in Vertex AI GenAI SDK evals (f07ecc3)v1.118.0Compare Source
⚠ BREAKING CHANGES
Features
create_evaluation_runmethod to Vertex AI GenAI SDK evals (7db9b4f)get_evaluation_runmethod to Vertex AI GenAI SDK evals (bbbadbc)Bug Fixes
Documentation
dedicated_endpoint_disabledin message.google.cloud.aiplatform.v1beta1.DeployRequestis changed (0722687)Miscellaneous Chores
v1.117.0Compare Source
Features
Documentation
v1.116.0Compare Source
Features
Bug Fixes
contextin Grounding metric (e75d91f)Documentation
v1.115.0Compare Source
⚠ BREAKING CHANGES
optimize_promptmethod no longer returns the parsed response directly. Code must be updated to access the.raw_text_responseor.parsed_responseattribute on the new return object.Features
has_template_configto MultimodalDataset. (97a6e71)Bug Fixes
Documentation
Miscellaneous Chores
v1.114.0Compare Source
Features
Bug Fixes
v1.113.0Compare Source
Features
Bug Fixes
v1.112.0Compare Source
Features
gpu_partition_sizeparameter to Model.deploy() method. (966c236)gpu_partition_sizetype hint tostr. (910016d)api_keyparameter to vertexai.Client (a9ffc60)Bug Fixes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.